diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 3ace4226f..9aab3b6f0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -131,7 +131,7 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- lpd_role(staff_r, staff_t)
+ lpd_role(staff, staff_t, staff_application_exec_domain, staff_r)
')
optional_policy(`
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 8f7c2a84f..92aa377e1 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -572,7 +572,7 @@ optional_policy(`
optional_policy(`
lpd_run_checkpc(sysadm_t, sysadm_r)
- lpd_role(sysadm_r, sysadm_t)
+ lpd_role(sysadm, sysadm_t, sysadm_application_exec_domain, sysadm_r)
')
optional_policy(`
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 294e860c0..6f417d5b5 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -99,7 +99,7 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- lpd_role(user_r, user_t)
+ lpd_role(user, user_t, user_application_exec_domain, user_r)
')
optional_policy(`
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index fa3e9f28a..4f47981fe 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -4,18 +4,29 @@
##
## Role access for lpd.
##
-##
+##
##
-## Role allowed access.
+## The prefix of the user role (e.g., user
+## is the prefix for user_r).
##
##
-##
+##
##
## User domain for the role.
##
##
+##
+##
+## User exec domain for execute and transition access.
+##
+##
+##
+##
+## Role allowed access
+##
+##
#
-interface(`lpd_role',`
+template(`lpd_role',`
gen_require(`
attribute_role lpr_roles;
type lpr_t, lpr_exec_t;
@@ -26,22 +37,26 @@ interface(`lpd_role',`
# Declarations
#
- roleattribute $1 lpr_roles;
+ roleattribute $4 lpr_roles;
########################################
#
# Policy
#
- domtrans_pattern($2, lpr_exec_t, lpr_t)
+ domtrans_pattern($3, lpr_exec_t, lpr_t)
- allow $2 lpr_t:process { ptrace signal_perms };
- ps_process_pattern($2, lpr_t)
+ allow $3 lpr_t:process { ptrace signal_perms };
+ ps_process_pattern($3, lpr_t)
- dontaudit lpr_t $2:unix_stream_socket { read write };
+ dontaudit lpr_t $3:unix_stream_socket { read write };
optional_policy(`
- cups_read_config($2)
+ cups_read_config($3)
+ ')
+
+ optional_policy(`
+ systemd_user_app_status($1, lpr_t)
')
')
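Review bot: The rules `allow $3 lpr_t:process { ptrace signal_perms };` and `ps_process_pattern($3, lpr_t)` now take the exec-domain argument instead of the user domain, so ptrace and signal access over lpr_t goes to every type carrying that attribute (for example `staff_application_exec_domain`) rather than only to `staff_t`. If the attribute covers more than the user domain, which this diff does not show, that widens who can trace and signal the print client. Keeping `allow $2 lpr_t:process { ptrace signal_perms };` and `ps_process_pattern($2, lpr_t)` on the user domain, and using `$3` only for `domtrans_pattern`, would match the third parameter's documented purpose of "execute and transition access" in the previous hunk. As written, `$2` is not referenced in any visible line of the template body, although it is still documented as the user domain. The template starts in the previous hunk and a few lines between the two hunks are not shown.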